Bug 1007447 - check for active sessions not troll proc for uids
Summary: check for active sessions not troll proc for uids
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-12 13:54 UTC by Dmitri Pal
Modified: 2020-05-02 17:28 UTC (History)
7 users (show)

Fixed In Version: sssd-1.12.0-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 10:27:16 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 3126 0 None None None 2020-05-02 17:28:29 UTC
Red Hat Product Errata RHBA-2015:0441 0 normal SHIPPED_LIVE sssd bug fix and enhancement update 2015-03-05 15:05:27 UTC

Description Dmitri Pal 2013-09-12 13:54:27 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2084

When we want to check if a user is logged in (in oreder to decide, for example. whether to keep an old random FILE cache type name) we currently troll /proc to find if any user proces for that uid is present.

We should instead use proper system session management (libsystemd-login and utmp as fallback) to check if a user is actually logged in or not.

It will be faster and cleaner.

We need to just release note this issue. No special QE effort required.

Comment 1 Jakub Hrozek 2013-09-16 13:56:56 UTC
Fixed upstream.

Comment 2 Jenny Severance 2013-09-19 13:14:01 UTC
please add steps to reproduce

Comment 3 Jakub Hrozek 2013-09-19 15:24:18 UTC
This is an improvement in functionality, so not much to "reproduce". But to make sure that the functionality to detect the user is logged in still works, do the following:

1) login from one terminal with ssh
type klist to see the ccache
2) login from another terminal as the same user
type klist again. It should be the same ccache path.

Please also test different methods of login, at least ssh and su. Sumit found out that with the current git head, su doesn't really work reliably.

Comment 6 Martin Kosek 2014-06-17 12:13:50 UTC
Fixed upstream:

b49a7d90708e816120ff88ce5a88fa62b35ff795

Comment 8 Kaushik Banerjee 2015-01-13 14:11:44 UTC
Verified with sssd-1.12.2-39.el7

Output from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ1007447 Validate ccache name for multiple logins
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service
:: [ 08:35:28 ] :: Sleeping for 5 seconds

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_1
-bash-4.2$ exit


spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_2
-bash-4.2$ exit

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:35:34 2015 from localhost
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_3
-bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)


spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_1
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_2
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_3
bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
BZ1007447-Validate-ccache-name-for-multiple-logins result: PASS

Comment 10 errata-xmlrpc 2015-03-05 10:27:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0441.html


Note You need to log in before you can comment on or make changes to this bug.